10721214

Method to Track SSL Session States for SSL Optimization of Saas Based Applications

Published: July 21, 2020
Assignee: not available in USPTO data we have
Patent Claims
20 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A system for initiating establishment of a connection, the system comprising: a device intermediary between a client and a server, the device configured to: determine at least one server name indicator (SNI) for an application executing on the client and having a secure session established with the server; determine, for each domain name corresponding to the at least one SNI, a session timeout value for the corresponding domain name; and send a message to the client according to each session timeout value, to cause the client to initiate establishment of a connection for the corresponding domain name using the secure session.

Plain English Translation

A system helps manage secure connections for client applications. It includes a device positioned between a client and a server. This device is designed to identify the Server Name Indicators (SNIs) associated with an application running on the client, which already has a secure session established with the server. For each domain name identified by the SNIs, the device determines a specific session timeout value. Based on these timeout values, the device sends a message to the client, prompting it to proactively re-establish or refresh its connections for the corresponding domain names, leveraging the existing secure session to optimize performance.

Claim 2

Original Legal Text

2. The system of claim 1, wherein the secure session comprises a secure socket layer (SSL) session, and the message comprises a server-sent event (SSE) message.

Plain English Translation

A system helps manage secure connections for client applications. It includes a device positioned between a client and a server. This device is designed to identify the Server Name Indicators (SNIs) associated with an application running on the client, which already has a Secure Socket Layer (SSL) session established with the server. For each domain name identified by the SNIs, the device determines a specific session timeout value. Based on these timeout values, the device sends a Server-Sent Event (SSE) message to the client, prompting it to proactively re-establish or refresh its connections for the corresponding domain names, leveraging the existing SSL session to optimize performance.

Claim 3

Original Legal Text

3. The system of claim 1, wherein the application is configured to access a software as a service (SaaS) based resource of the server.

Plain English Translation

A system helps manage secure connections for client applications. It includes a device positioned between a client and a server. This device is designed to identify the Server Name Indicators (SNIs) associated with an application running on the client, which already has a secure session established with the server and is configured to access a Software as a Service (SaaS)-based resource on the server. For each domain name identified by the SNIs, the device determines a specific session timeout value. Based on these timeout values, the device sends a message to the client, prompting it to proactively re-establish or refresh its connections for the corresponding domain names, leveraging the existing secure session to optimize performance.

Claim 4

Original Legal Text

4. The system of claim 1, wherein the device is configured to determine the at least one SNI using historical data of a user of the application accessing one or more resources of the server.

Plain English Translation

A system helps manage secure connections for client applications. It includes a device positioned between a client and a server. This device is designed to identify the Server Name Indicators (SNIs) associated with an application running on the client, which already has a secure session established with the server. Specifically, the device determines these SNIs by analyzing historical data of a user accessing one or more resources on the server through the application. For each domain name identified by the SNIs, the device determines a specific session timeout value. Based on these timeout values, the device sends a message to the client, prompting it to proactively re-establish or refresh its connections for the corresponding domain names, leveraging the existing secure session to optimize performance.

Claim 5

Original Legal Text

5. The system of claim 1, wherein the device is configured to determine the at least one SNI according to access granted to a user of the application, to one or more resources of the server.

Plain English Translation

A system helps manage secure connections for client applications. It includes a device positioned between a client and a server. This device is designed to identify the Server Name Indicators (SNIs) associated with an application running on the client, which already has a secure session established with the server. Specifically, the device determines these SNIs based on the access rights granted to a user of the application for specific resources on the server. For each domain name identified by the SNIs, the device determines a specific session timeout value. Based on these timeout values, the device sends a message to the client, prompting it to proactively re-establish or refresh its connections for the corresponding domain names, leveraging the existing secure session to optimize performance.

Claim 6

Original Legal Text

6. The system of claim 5, wherein the access is granted according to role-base access control (RBAC).

Plain English Translation

A system helps manage secure connections for client applications. It includes a device positioned between a client and a server. This device is designed to identify the Server Name Indicators (SNIs) associated with an application running on the client, which already has a secure session established with the server. Specifically, the device determines these SNIs based on the access rights granted to a user of the application for specific resources on the server, where this access is managed by Role-Based Access Control (RBAC). For each domain name identified by the SNIs, the device determines a specific session timeout value. Based on these timeout values, the device sends a message to the client, prompting it to proactively re-establish or refresh its connections for the corresponding domain names, leveraging the existing secure session to optimize performance.

Claim 7

Original Legal Text

7. The system of claim 1, wherein the device is configured to determine the session timeout values using at least one of: a session timeout parameter of the device or a session timeout parameter of the application.

Plain English Translation

A system helps manage secure connections for client applications. It includes a device positioned between a client and a server. This device is designed to identify the Server Name Indicators (SNIs) associated with an application running on the client, which already has a secure session established with the server. For each domain name identified by the SNIs, the device determines a specific session timeout value, using either a session timeout parameter configured on the device itself or a session timeout parameter associated with the application. Based on these timeout values, the device sends a message to the client, prompting it to proactively re-establish or refresh its connections for the corresponding domain names, leveraging the existing secure session to optimize performance.

Claim 8

Original Legal Text

8. The system of claim 1, wherein if the application comprises a browser, determining a first session timeout value according to a frequency or interval of client hello messages from the application, when a session timeout parameter of the device is larger in value than that of a session timeout parameter of the application.

Plain English Translation

A system helps manage secure connections for client applications. It includes a device positioned between a client and a server. This device is designed to identify the Server Name Indicators (SNIs) associated with an application running on the client, which already has a secure session established with the server. For each domain name identified by the SNIs, the device determines a specific session timeout value. If the application is a web browser and the device's configured session timeout is longer than the application's own session timeout, the device determines a primary session timeout value based on the frequency or interval of "client hello" messages sent from the browser. Based on these timeout values, the device sends a message to the client, prompting it to proactively re-establish or refresh its connections for the corresponding domain names, leveraging the existing secure session to optimize performance.

Claim 9

Original Legal Text

9. The system of claim 1, wherein if the application comprises a browser, determining a first session timeout value according to a session timeout parameter of the device, when a session timeout parameter of the device is smaller in value than that of a session timeout parameter of the application.

Plain English Translation

A system helps manage secure connections for client applications. It includes a device positioned between a client and a server. This device is designed to identify the Server Name Indicators (SNIs) associated with an application running on the client, which already has a secure session established with the server. For each domain name identified by the SNIs, the device determines a specific session timeout value. If the application is a web browser and the device's configured session timeout is shorter than the application's own session timeout, the device determines a primary session timeout value directly using its own session timeout parameter. Based on these timeout values, the device sends a message to the client, prompting it to proactively re-establish or refresh its connections for the corresponding domain names, leveraging the existing secure session to optimize performance.

Claim 10

Original Legal Text

10. The system of claim 1, wherein the secured session is established for the application to access a webpage of the server, and the webpage has a link associated with a first domain name, and the device is further configured to: send a first message to the client to cause the client to initiate establishment of a first connection for the first domain name using the secure session; determine a first session timeout value for the first domain name, and send a second message to the client according to the first session timeout value, to cause the client to initiate establishment of a second connection for the first domain name using the secure session.

Plain English Translation

A system helps manage secure connections for client applications. It includes a device positioned between a client and a server. This device is designed to identify the Server Name Indicators (SNIs) associated with an application running on the client, which already has a secure session established with the server. In a scenario where the secure session is used by the application to access a webpage on the server, and this webpage contains a link pointing to a first domain name, the device is further configured to first send a message to the client. This initial message prompts the client to establish a connection for that first domain name, utilizing the existing secure session (e.g., a pre-connect). Subsequently, the device determines a session timeout value specifically for this first domain. Based on this determined timeout, the device sends a second message to the client, instructing it to initiate the establishment of a subsequent connection for the same first domain name, again using the secure session, thereby proactively maintaining connectivity. For any other domain names identified by the SNIs, the device will determine their respective session timeout values and send messages to the client to cause connection re-establishment for those domains as well, using the secure session.

Claim 11

Original Legal Text

11. A method for initiating establishment of a connection, the method comprising: determining, by a device intermediary between a client and a server, at least one server name indicator (SNI) for an application executing on the client and having a secure session established with the server; determining, by the device for each domain name corresponding to the at least one SNI, a session timeout value for the corresponding domain name; and sending, by the device, a message to the client according to each of the determined session timeout values, to cause the client to initiate establishment of a connection for the corresponding domain name using the secure session.

Plain English Translation

A method for managing secure connections involves a device situated between a client and a server. The method includes the device identifying the Server Name Indicators (SNIs) for an application running on the client, which has an existing secure session established with the server. For each domain name corresponding to the identified SNIs, the device determines a specific session timeout value. Subsequently, the device sends a message to the client, using these determined session timeout values, to prompt the client to proactively initiate or refresh connections for the respective domain names, leveraging the secure session. This helps maintain optimized secure connectivity for the application.

Claim 12

Original Legal Text

12. The method of claim 11, wherein the secure session comprises a secure socket layer (SSL) session, and the message comprises a server-sent event (SSE) message.

Plain English Translation

A method for managing secure connections involves a device situated between a client and a server. The method includes the device identifying the Server Name Indicators (SNIs) for an application running on the client, which has an existing Secure Socket Layer (SSL) session established with the server. For each domain name corresponding to the identified SNIs, the device determines a specific session timeout value. Subsequently, the device sends a Server-Sent Event (SSE) message to the client, using these determined session timeout values, to prompt the client to proactively initiate or refresh connections for the respective domain names, leveraging the SSL session. This helps maintain optimized secure connectivity for the application.

Claim 13

Original Legal Text

13. The method of claim 11, wherein the application is configured to access a software as a service (SaaS) based resource of the server.

Plain English Translation

A method for managing secure connections involves a device situated between a client and a server. The method includes the device identifying the Server Name Indicators (SNIs) for an application running on the client, which has an existing secure session established with the server and is configured to access a Software as a Service (SaaS)-based resource on the server. For each domain name corresponding to the identified SNIs, the device determines a specific session timeout value. Subsequently, the device sends a message to the client, using these determined session timeout values, to prompt the client to proactively initiate or refresh connections for the respective domain names, leveraging the secure session. This helps maintain optimized secure connectivity for the application.

Claim 14

Original Legal Text

14. The method of claim 11, further comprising determining the at least one SNI using historical data of a user of the application accessing one or more resources of the server.

Plain English Translation

A method for managing secure connections involves a device situated between a client and a server. The method includes the device identifying the Server Name Indicators (SNIs) for an application running on the client, which has an existing secure session established with the server. This identification of SNIs is performed by using historical data of a user accessing one or more resources on the server through the application. For each domain name corresponding to the identified SNIs, the device determines a specific session timeout value. Subsequently, the device sends a message to the client, using these determined session timeout values, to prompt the client to proactively initiate or refresh connections for the respective domain names, leveraging the secure session. This helps maintain optimized secure connectivity for the application.

Claim 15

Original Legal Text

15. The method of claim 11, further comprising determining the at least one SNI according to access granted to a user of the application, to one or more resources of the server.

Plain English Translation

A method for managing secure connections involves a device situated between a client and a server. The method includes the device identifying the Server Name Indicators (SNIs) for an application running on the client, which has an existing secure session established with the server. This identification of SNIs is performed according to the access rights granted to a user of the application for specific resources on the server. For each domain name corresponding to the identified SNIs, the device determines a specific session timeout value. Subsequently, the device sends a message to the client, using these determined session timeout values, to prompt the client to proactively initiate or refresh connections for the respective domain names, leveraging the secure session. This helps maintain optimized secure connectivity for the application.

Claim 16

Original Legal Text

16. The method of claim 15, wherein the access is granted according to role-base access control (RBAC).

Plain English Translation

A method for managing secure connections involves a device situated between a client and a server. The method includes the device identifying the Server Name Indicators (SNIs) for an application running on the client, which has an existing secure session established with the server. This identification of SNIs is performed according to the access rights granted to a user of the application for specific resources on the server, where this access is managed by Role-Based Access Control (RBAC). For each domain name corresponding to the identified SNIs, the device determines a specific session timeout value. Subsequently, the device sends a message to the client, using these determined session timeout values, to prompt the client to proactively initiate or refresh connections for the respective domain names, leveraging the secure session. This helps maintain optimized secure connectivity for the application.

Claim 17

Original Legal Text

17. The method of claim 11, further comprising determining the session timeout values using at least one of: a session timeout parameter of the device or a session timeout parameter of the application.

Plain English Translation

A method for managing secure connections involves a device situated between a client and a server. The method includes the device identifying the Server Name Indicators (SNIs) for an application running on the client, which has an existing secure session established with the server. For each domain name corresponding to the identified SNIs, the device determines a specific session timeout value, using either a session timeout parameter configured on the device itself or a session timeout parameter associated with the application. Subsequently, the device sends a message to the client, using these determined session timeout values, to prompt the client to proactively initiate or refresh connections for the respective domain names, leveraging the secure session. This helps maintain optimized secure connectivity for the application.

Claim 18

Original Legal Text

18. The method of claim 11, wherein if the application comprises a browser, the method further comprises determining a first session timeout value according to a frequency or interval of client hello messages from the application, when a session timeout parameter of the device is larger in value than that of a session timeout parameter of the application.

Plain English Translation

A method for managing secure connections involves a device situated between a client and a server. The method includes the device identifying the Server Name Indicators (SNIs) for an application running on the client, which has an existing secure session established with the server. For each domain name corresponding to the identified SNIs, the device determines a specific session timeout value. If the application is a web browser and the device's configured session timeout is longer than the application's own session timeout, the method further includes determining a primary session timeout value based on the frequency or interval of "client hello" messages sent from the browser. Subsequently, the device sends a message to the client, using these determined session timeout values, to prompt the client to proactively initiate or refresh connections for the respective domain names, leveraging the secure session. This helps maintain optimized secure connectivity for the application.

Claim 19

Original Legal Text

19. The method of claim 11, wherein if the application comprises a browser, the method further comprises determining a first session timeout value according to a session timeout parameter of the device, when a session timeout parameter of the device is smaller in value than that of a session timeout parameter of the application.

Plain English Translation

A method for managing secure connections involves a device situated between a client and a server. The method includes the device identifying the Server Name Indicators (SNIs) for an application running on the client, which has an existing secure session established with the server. For each domain name corresponding to the identified SNIs, the device determines a specific session timeout value. If the application is a web browser and the device's configured session timeout is shorter than the application's own session timeout, the method further includes determining a primary session timeout value directly using the device's own session timeout parameter. Subsequently, the device sends a message to the client, using these determined session timeout values, to prompt the client to proactively initiate or refresh connections for the respective domain names, leveraging the secure session. This helps maintain optimized secure connectivity for the application.

Claim 20

Original Legal Text

20. The method of claim 11, wherein the secured session is established for the application to access a webpage of the server, and the webpage has a link associated with a first domain name, the method further comprising: sending a first message to the client to cause the client to initiate establishment of a first connection for the first domain name using the secure session; determining a first session timeout value for the first domain name, and sending a second message to the client according to the first session timeout value, to cause the client to initiate establishment of a second connection for the first domain name using the secure session.

Plain English Translation

A method for managing secure connections involves a device situated between a client and a server. The method includes the device identifying the Server Name Indicators (SNIs) for an application running on the client, which has an existing secure session established with the server. In a scenario where the secure session is used by the application to access a webpage on the server, and this webpage contains a link pointing to a first domain name, the method further includes several steps: First, the device sends an initial message to the client, prompting it to establish a connection for that first domain name, utilizing the existing secure session (e.g., a pre-connect). Then, the device determines a specific session timeout value for this first domain. Finally, based on this determined timeout, the device sends a second message to the client, instructing it to initiate the establishment of a subsequent connection for the same first domain name, again using the secure session, thereby proactively maintaining connectivity. For any other domain names corresponding to the identified SNIs, the device will determine their respective session timeout values and send messages to the client to cause connection re-establishment for those domains as well, using the secure session.
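The timeout selection of claims 7 to 9 (and 17 to 19) and the per-SNI message of claims 1 and 2, sketched as an added example; this is not code from the patent or from any product. Assumptions: the event name `refresh-connection`, the JSON payload, the median as the "interval" measure, the fallbacks for cases the claims leave open, and scheduling each message at the last observed ClientHello plus the timeout.

```python
import json
from dataclasses import dataclass, field
from statistics import median


@dataclass
class SniState:
    """Per-domain state kept by the intermediary device (hypothetical structure)."""
    sni: str
    client_hello_times: list = field(default_factory=list)  # seconds, as observed


def hello_interval(times):
    """Median gap between successive ClientHello messages; None if fewer than two."""
    ts = sorted(times)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return median(gaps) if gaps else None


def session_timeout(is_browser, device_timeout, app_timeout, hello_times):
    """Pick the session timeout for one domain name."""
    if is_browser and device_timeout > app_timeout:
        # Claim 8/18: derive the value from the ClientHello frequency or interval.
        interval = hello_interval(hello_times)
        # Assumption: with too few observations, fall back to the application value.
        return interval if interval is not None else app_timeout
    if is_browser and device_timeout < app_timeout:
        # Claim 9/19: use the device's own session timeout parameter.
        return device_timeout
    # Claim 7/17 allows either parameter; taking the smaller one is an assumption,
    # as is applying it to non-browser applications and to equal values.
    return min(device_timeout, app_timeout)


def sse_refresh_message(sni, timeout):
    """Server-sent event asking the client to open a connection for this SNI.

    The event name and payload fields are hypothetical; only the SSE framing
    (event:/data: lines ended by a blank line) is standard.
    """
    payload = json.dumps({"sni": sni, "timeout_s": timeout})
    return f"event: refresh-connection\ndata: {payload}\n\n"


def plan_refreshes(is_browser, device_timeout, app_timeout, states, now=0.0):
    """Return (due_time, sni, sse_message) tuples, earliest first."""
    plan = []
    for st in states:
        timeout = session_timeout(
            is_browser, device_timeout, app_timeout, st.client_hello_times
        )
        last_seen = max(st.client_hello_times, default=now)
        # Assumption: the message is due one timeout after the last ClientHello.
        plan.append((last_seen + timeout, st.sni, sse_refresh_message(st.sni, timeout)))
    return sorted(plan)


# Constructed sample observations for two domain names of one SaaS application.
SAMPLE_STATES = [
    SniState("app.example.com", [0, 300, 600, 905]),
    SniState("cdn.example.com", [10]),
]

if __name__ == "__main__":
    for due, sni, msg in plan_refreshes(True, 3600, 600, SAMPLE_STATES):
        print(f"t={due:>6}: {sni}\n{msg}", end="")
```
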

Patent Metadata

Filing Date

Unknown

Publication Date

July 21, 2020

Inventors

Akshata Bhat
Praveen Raja Dhanabalan

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “METHOD TO TRACK SSL SESSION STATES FOR SSL OPTIMIZATION OF SAAS BASED APPLICATIONS” (10721214). https://patentable.app/patents/10721214